geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aaron Mulder <ammul...@alumni.princeton.edu>
Subject Re: Password visible for deployment
Date Fri, 26 Nov 2004 15:29:29 GMT
	If you omit the username and password, you'll be prompted for 
them.  They still echo, though.  The most secure way currently is to pipe 
the username and/or password to the deploy tool and leave the arguments 
off the command line.  It would be nice if we could disable echo for the 
password prompt, but I don't know how to do that.

Aaron

On Fri, 26 Nov 2004, Deepak Nayal wrote:
> Hi
>  
> This is the very first day that I have started to use Geronimo :-)
>  
> After going through its docs, it seems that the deployment needs the username and the
password whch are given as arguments to the DeployTool class. However, I believe this is a
security threat as a hacker can check out the history list in UNIXes and can get the USER/PASS.
So I believe we should have a tool which encrypts the user/pass and puts them in a file and
then that filename can be passed as the argument to the DeployTool class. The 'org.apache.geronimo.deployment.cli.ServerConnection'
class can be edited to reflect this change.
>  
> My sincere apologise if this seems to be a wierd idea.
> Please do let me know your views.
>  
> Regards
> Deepak Nayal
>  
>  
>  
>  
>  
>  
>  
>  
>  
>  
>  
> 
> 
> 		
> ---------------------------------
> Do you Yahoo!?
>  Meet the all-new My Yahoo!  Try it today! 

Mime
View raw message